08-12-2009, 03:21 AM
Join Date: Aug 2009
Post Thanks: 0
Thanked 0 Times in 0 Posts
| | BlackBerry router in DMZ
as other told you before, the best thing is to install a BlackBerry router on your DMZ Network. It can be done using the setup file used to install BES Server. At the beginning, there are some installation option, which one of them is the BB Router installation.
Once installed, you don't need to uninstall the local BB Router but you have to configure the BES to forward TCP 3101 traffic to the new BB Router:
from the BES, open BlackBerry Server Configuration and, under Router settings, change the SRP address with the IP address of your BB Router. Leave the other settings (all TCP ports 3101). Obviously, the BB Router has to be configured to point the Internet SRP address (for Italy is the srp.it.blackberry.net).
We have that kind of configuration and I can confirm you that you have to open only the outgoing TCP port 3101:
BES -(TCP 3101)-> BB Router -(TCP 3101)-> Internet RIM SRP
Moreover, BB Router can run with local system account privileges so you can have a standalone machine in DMZ. Otherwise you have also to allow on the firewall all the traffic needed by a member server of an M$ AD Domain (RPC, Kerberos, LDAP and more.................).